Phishing Scam Reported for DC Health Link

Congressional members and staff need to be on the lookout for a phishing scam as they seek to sign up for health insurance through the DC Health Link portal.

That was the advice Friday of DC Health Link spokesman Richard Sorian after receiving a report that a link to recover lost passwords was leading to a site seeking debit card numbers and personal identification numbers as identity verification, something no legitimate site would ask for.

Phishing involves deceiving users into thinking they are providing personal information to a secure entity, when they’re really giving it directly to scammers. CQ Roll Call received news of the scam attempt from one staffer who encountered the fraudulent site after repeated failed attempts to log in to what the user believed to be the legitimate system.

“I tried the ‘forgot password’ function. After about 15 attempts with that, I was finally taken to a forgot password page. On that page I was asked for my check card number and my ATM pin,” the congressional aide said.

“I was fairly confident this was a scam, so I called customer service. After a 103-minute hold time, I was told that this was indeed a scam,” the tipster said. “Hopefully the very kind customer service lady alerted tech support.”

Sorian said in an email that while DC Health Link couldn’t confirm a specific incident, he pointed to a document on the website warning that scammers might try to take advantage of those using the website.